Static task: static1
Behavioral task: behavioral1
Sample: backgroundTaskHost.exe
Resource: win10v2004-20240802-en
General
Target: backgroundTaskHost.exe
Size: 1.2MB
MD5: e4a9efc01444909d6a78f8bc1e55f51e
SHA1: ac7a3eb7988f590f1f519e8ab7cfeaaecbb91c8f
SHA256: 9f402b1c580d3d99459b579606fea941d9d911d36d5e29bbfef9dc2d3e8de004
SHA512: b96e843d730a739bafeff2f462946d3a6a5209d09aed0d65c7ffea181f05a391375cc01998624159c55e09f7fe242086c5b8a651cbb4aba85828bef8ff44576f
SSDEEP: 24576:dyN83Tv1Re9Oscr1F+0wrmwLoguxABmfkEcXuDOzm:d6c1FjuNLKqszfDm
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: backgroundTaskHost.exe
Files
backgroundTaskHost.exe.exe windows:16 windows x64 arch:x64
32b22702fd6952d9b03363cf164baa61
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
kernel32
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
HeapSize
GetTimeZoneInformation
DeleteFileW
CreateToolhelp32Snapshot
TerminateProcess
VirtualAlloc
lstrlenW
GetCurrentProcess
VirtualFree
VirtualProtect
Process32First
GetModuleFileNameA
WriteConsoleW
GetStringTypeW
LoadLibraryExW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
DeleteCriticalSection
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
SetStdHandle
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
CreateProcessW
WaitForSingleObject
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
InitializeSListHead
GetConsoleMode
WriteFile
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetExitCodeProcess
AllocConsole
CreateProcessA
GetProcAddress
CloseHandle
Process32Next
LoadLibraryA
GetLastError
GetProcessHeap
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
CreateFileW
GetModuleHandleExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExitProcess
user32
ShowWindow
MessageBoxA
EnumWindows
GetWindowThreadProcessId
winspool.drv
OpenPrinterA
StartDocPrinterA
advapi32
CryptCreateHash
OpenProcessToken
LookupPrivilegeValueA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
GetTokenInformation
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
AdjustTokenPrivileges
shell32
ShellExecuteExA
ole32
CoCreateInstance
normaliz
IdnToAscii
IdnToUnicode
ws2_32
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
gethostname
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
ioctlsocket
listen
wldap32
ord200
ord30
ord79
ord35
ord33
ord32
ord301
ord26
ord22
ord41
ord45
ord60
ord211
ord46
ord217
ord143
ord27
ord50
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
sensapi
IsDestinationReachableA
IsNetworkAlive
IsDestinationReachableW
avicap32
capCreateCaptureWindowA
netapi32
NetShareEnum
bcrypt
BCryptGenRandom
Sections
.text Size: 988KB - Virtual size: 987KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 262B - Virtual size: 250B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ